Severity by source
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4Blast Radius
ecosystem impact- 1 npm packages depend on openclaw (1 direct, 0 indirect)
Ecosystem-wide dependent count for version 2026.3.8.
DescriptionCVE.org
OpenClaw before 2026.3.8 contains a sender allowlist bypass vulnerability in its Microsoft Teams plugin that allows unauthorized senders to bypass intended authorization checks. When a team/channel route allowlist is configured with an empty groupAllowFrom parameter, the message handler synthesizes wildcard sender authorization, permitting any sender in the matched team/channel to trigger replies in allowlisted Teams routes.
AnalysisAI
Authorization bypass in OpenClaw Microsoft Teams plugin (versions before 2026.3.8) permits unauthenticated attackers to circumvent sender allowlists when team/channel routes are configured with empty groupAllowFrom parameters. Remote attackers can exploit this network-accessible flaw with low complexity to trigger unauthorized message replies and access sensitive information in allowlisted Teams routes. EPSS and KEV data not available for this recent CVE; no public exploit identified at time of analysis.
Technical ContextAI
OpenClaw is a messaging automation platform with integrations for collaboration tools including Microsoft Teams. The vulnerability resides in the Teams plugin's message routing logic, specifically in how it validates authorized message senders against configured allowlists. The flaw is classified as CWE-863 (Incorrect Authorization), where the authorization check implementation contains a critical logical error. When administrators configure a team/channel route allowlist but leave the groupAllowFrom parameter empty (likely intending to restrict access), the handler incorrectly synthesizes wildcard authorization rules. This causes the system to grant message reply privileges to any sender within the matched team/channel scope, completely negating the intended access controls. The affected component is identified by CPE cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:*:*:*, with all versions prior to 2026.3.8 vulnerable. This represents a classic authorization logic flaw where insufficient validation of empty configuration values leads to overly permissive security policies.
RemediationAI
Organizations should immediately upgrade to OpenClaw version 2026.3.8 or later, which contains the fix for the authorization bypass vulnerability. The vendor-released patch is available through the GitHub commit at https://github.com/openclaw/openclaw/commit/88aee9161e0e6d32e810a25711e32a808a1777b2, which corrects the message handler logic to properly enforce sender allowlists even when groupAllowFrom parameters are empty. As an interim workaround for environments unable to upgrade immediately, administrators should audit all Microsoft Teams plugin route allowlist configurations to ensure groupAllowFrom parameters are explicitly populated with authorized sender groups rather than left empty. Organizations not using the Teams plugin or team/channel route allowlists are not affected and do not require immediate action. Refer to the official GitHub security advisory at https://github.com/openclaw/openclaw/security/advisories/GHSA-g7cr-9h7q-4qxq for comprehensive remediation guidance and configuration best practices.
Same weakness CWE-863 – Incorrect Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-17391
GHSA-xg59-f45v-9r9j